On Fri, 2006-01-27 at 15:18 +0100, Roger Grosswiler wrote: > Thanks, look this: > > [roger@niobe ~]$ sudo rpm -qa | grep selinux-policy-targeted > [roger@niobe ~]$ sudo rpm -qa | grep selinux-policy > [roger@niobe ~]$ > > ...seems i did not have ANY policy installed?????? Seems unlikely, given that you are getting AVC denials. Just do a rpm -q selinux-policy-targeted; you don't have to be root to query. If you were running strict policy, I'd have guessed that your sudo command was failing due to a SELinux denial (possibly just on the output stream to the pipe, thereby silencing it) but if targeted, sudo shouldn't be in its own domain at all. > btw. can somebody explain me the difference between > > -targeted > -mls > -strict -targeted vs. -strict is explained in the Fedora Core SELinux FAQ: http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2764488 Note that since the time of that FAQ (which was for FC3), the targeted policy has expanded to cover many more system programs/processes and certain user programs, but still leaves users unconfined by SELinux. Targeted policy is the default in Fedora and RHEL. The -mls policy is for Multi-Level Security. See: http://james-morris.livejournal.com/5020.html MLS policy is specifically for LSPP certification. In Fedora and the -targeted policy, the same infrastructure being developed for the MLS policy is being used for what Red Hat is calling Multi-Category Security, described in: http://james-morris.livejournal.com/5583.html and http://james-morris.livejournal.com/8228.html MCS is enabled in the FC5 devel -targeted policy already. -- Stephen Smalley National Security Agency -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list